For now, don't Google search for software downloads

Not open for further replies.

Daniel Sims

Posts: 824   +33
PSA: For many, Google is the most straightforward way to find specific software, but malicious actors have made this dangerous over the last few months. If you click on one of the top Google results (usually an ad, not a top result) after searching for specific popular programs, the link might lead to an impersonator delivering malware.

Googling programs like MSI Afterburner, Bitwarden, Grammarly, Blender, Gimp, Adobe Reader, Microsoft Teams, OBS, Slack, Thunderbird, and many others lately can bring up promoted search results controlled by hackers. Malvertising campaigns impersonating those brands have subverted Google Ads since at least December.

The top Google search results for software and other products tend to be advertisements that give Google customers ad clicks while taking users to relevant sites of interest. However, malicious impersonators found a way to bring targets to their malware from search results while evading Google's detection.

Guardio Labs notes that threat actors create harmless advertising sites to feature on Google Ads that redirect users to malicious websites. The fraudulent page looks identical to the software's official download site. The trick is that the redirect only occurs when human users click the ads. Crawlers, bots, Google's policy enforcers, or anyone else who directly enters the URL the ad displays will only see the harmless advertising site. Thus, the rogue sites are invisible to Google.

Furthermore, the malware payloads often don't download directly through the browser. Instead, they might hide in GitHub, Dropbox, or Discord to decrease the odds of antivirus programs catching them. Some of the malware from the false advertising will appear digitally signed from Microsoft, Acer, DigiCert, Sectigo, or AVG Technologies USA. They use a combination of these and other techniques to avoid detection.

The malware involved in these campaigns includes Formbook, IcedID, MetaStealer, and others. Last month, some users who searched for Bitwarden encountered sponsored Google links leading to phishing pages that tried to steal their master passwords.

In December, the FBI warned users about Google malvertising, admitting that ad blockers are an effective but controversial solution. If you have to use a search engine to find a software download, avoid clicking on results with the word "ad" next to them.

Until Google Ads responds to the malvertising campaigns, users should find other ways to look for software. TechSpot readers should know that we offer safe downloads for many free programs like the ones mentioned in this article. Other tech sites do as well. The Wikipedia pages for programs also often include links to their official websites.

Permalink to story.



Posts: 126   +138
That's why you should always use an adblocker, no matter what websites and the like try to claim. They have shown they flat out refuse to filter ads, so why should you look out for them over yourself?

Google is removing adblock from its browsers, and that includes all chromium based browsers which is everything other than firefox pretty much. Chrome already had a gimped ad block to begin with. If people want to insist on continuing to have ads be security risks in order to have some misplaced brand loyalty to Google, well, that's on them at this point. People can't claim they care about security and then leave giant, common attack vectors. It's just stupid.


Posts: 927   +1,451
A while back, I was trying to save money on a Northface product as a Christmas gift so I looked up “northface factory outlet” on Bing. On the second page (and this is still there), are the first two results with realistic looking “outlet” websites and cheaper but reasonable prices. I had red flags go off when it required me to sign up for an account before I could pay—their goal is to at least steal personal information (not necessarily payment info). Now visiting that site again, my modem blocks it as a risky spam page. You should always be careful of what you search for.


Posts: 218   +343
TechSpot Elite
I scroll past the sponsored links, and I check site certs before I download software. But I also don't download software very often. Outside of professional tools, for which I already know the vendor, I get most of my downloads from Steam.


Posts: 1,302   +348
I've lost faith in google searches (for tech purposes) for a few years now. it's ridden of ads and sketchy sites pretending to be someone else. not only that but the first 5 results are usually from those websites that has farmed SEO points, aka clickbait sites.

what I did was search add reddit prefix to my tech question, look for the answer there, and re-search the solution name in google. for an example, I want to search for a bit-by-bit disk cloning freeware. typing that question in google will just give me clickbait results. search for the question in reddit, got the name of the freeware and google the freeware name again. it's much faster than combing the google search results full of clickbaits and malicious ads.


Posts: 572   +1,070
I suppose in a related way, last week I was lamenting the loss of Cool Edit Pro and decided to see if I could find a legit place to download a copy from. Turns out, TechSpot have a copy, thanks guys!


Posts: 140   +168
Using a AdBlock helps against this quite well.

In a way this could be a hint from hackers letting us know it's time to stop the intrusive ads by getting adblockers.

Avro Arrow

Posts: 3,584   +4,630
When I'm looking for random software utilities, I don't search for them in Google. I just type "" and grab whatever from there. :laughing:


Posts: 28   +14
It's always safest to go directly to the author's main website to download their products, if they offer it there, that is.

Feng Lengshun

Posts: 56   +24
This issue is legitimately why I have only been installing stuff through chocolatey and winget the entire time I got this laptop that has Windows 11 by default. Other than those two sources, I trust github releases as well, though in those cases they usually are also available on winget as well.

Package managers are just so good, and everyone should use them.
Not open for further replies.